/*
 * Returns the ACL entries of accessRef that match a single authorization.
 *
 * authorizationTag is cast to CFStringRef and translated to a
 * CSSM_ACL_AUTHORIZATION_TAG by GetACLAuthorizationTagFromString(); the
 * lookup itself is delegated to SecAccessCopySelectedACLList().
 *
 * Returns the array produced by SecAccessCopySelectedACLList(), or NULL when
 * that call reports anything other than errSecSuccess. The status code is
 * discarded, so a NULL return does not tell the caller why the lookup failed
 * and must not be read as proof that no ACL grants the authorization.
 * Going by the "Copy" in the name the caller presumably owns the returned
 * array -- confirm against the header.
 *
 * NOTE(review): authorizationTag is declared CFTypeRef but is cast to
 * CFStringRef without a type check here; whether a non-string value is
 * tolerated depends on GetACLAuthorizationTagFromString(), which is defined
 * elsewhere -- confirm.
 */
CFArrayRef SecAccessCopyMatchingACLList(SecAccessRef accessRef, CFTypeRef authorizationTag)
{
	CFArrayRef matchingACLs = NULL;
	CSSM_ACL_AUTHORIZATION_TAG cssmTag =
		GetACLAuthorizationTagFromString((CFStringRef)authorizationTag);

	if (SecAccessCopySelectedACLList(accessRef, cssmTag, &matchingACLs) == errSecSuccess)
	{
		return matchingACLs;
	}

	// Any failure status is collapsed into a NULL result.
	return NULL;
}
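/*
 * Replaces the authorizations of an ACL entry with the ones named in
 * `authorizations`.
 *
 * Each array element is cast to CFStringRef and translated to a
 * CSSM_ACL_AUTHORIZATION_TAG by GetACLAuthorizationTagFromString(); the
 * resulting tag list is handed to SecACLSetAuthorizations().
 *
 * Returns errSecParam when acl or authorizations is NULL or when the element
 * count does not fit in a uint32, errSecAllocate when the temporary tag
 * buffer cannot be allocated, and otherwise the status returned by
 * SecACLSetAuthorizations().
 *
 * NOTE(review): elements are not type-checked before the CFStringRef cast,
 * and what GetACLAuthorizationTagFromString() returns for a string it does
 * not recognise is not visible here; that value is written into the ACL
 * as-is -- confirm it cannot widen the granted rights.
 */
OSStatus SecACLUpdateAuthorizations(SecACLRef acl, CFArrayRef authorizations)
{
	if (NULL == acl || NULL == authorizations)
	{
		return errSecParam;
	}

	// Reject counts that would be silently truncated by the uint32 cast,
	// which would apply only part of the requested authorization list.
	CFIndex count = CFArrayGetCount(authorizations);
	if (count < 0 || (CFIndex)(uint32)count != count)
	{
		return errSecParam;
	}
	uint32 tagCount = (uint32)count;

	// calloc zero-fills and checks the count * size multiplication for
	// overflow. At least one element is requested so that an empty array
	// still yields a valid pointer instead of an implementation-defined
	// malloc(0) result.
	CSSM_ACL_AUTHORIZATION_TAG* tags = (CSSM_ACL_AUTHORIZATION_TAG*)calloc((tagCount > 0) ? tagCount : 1, sizeof(*tags));
	if (NULL == tags)
	{
		return errSecAllocate;
	}

	for (uint32 iCnt = 0; iCnt < tagCount; iCnt++)
	{
		tags[iCnt] = GetACLAuthorizationTagFromString((CFStringRef)CFArrayGetValueAtIndex(authorizations, iCnt));
	}

	OSStatus result = SecACLSetAuthorizations(acl, tags, tagCount);
	free(tags);
	return result;
}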
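/*
 * Creates a SecAccessRef whose owner and single ACL entry are both the
 * process subject described by (ownerType, userId, groupId), with the ACL
 * entry carrying the authorizations named in `acls`.
 *
 * userId, groupId  stored in the process subject selector.
 * ownerType        stored in the selector's second field (presumably the
 *                  match mask -- confirm against the CSSM headers).
 * acls             array whose elements are cast to CFStringRef and
 *                  translated by GetACLAuthorizationTagFromString(); may be
 *                  NULL, which is treated as an empty list.
 * error            optional; on failure receives a new CFError carrying the
 *                  failing OSStatus.
 *
 * Returns the new access object, or NULL on failure. Failures are: an
 * element count that does not fit in a uint32 (errSecParam), failure to
 * allocate the tag buffer (errSecAllocate), or any non-success status from
 * SecAccessCreateFromOwnerAndACL().
 *
 * The tag list lives on the heap rather than in a variable-length array
 * sized by the caller's count: a zero-length VLA is undefined behaviour and
 * a large count would exhaust the stack.
 *
 * NOTE(review): what GetACLAuthorizationTagFromString() returns for an
 * unrecognised string is not visible here; that value is stored as a right
 * without further validation -- confirm it cannot widen access.
 */
SecAccessRef SecAccessCreateWithOwnerAndACL(uid_t userId, gid_t groupId, SecAccessOwnerType ownerType, CFArrayRef acls, CFErrorRef *error)
{
	SecAccessRef result = NULL;

	CSSM_ACL_PROCESS_SUBJECT_SELECTOR selector =
	{
		CSSM_ACL_PROCESS_SELECTOR_CURRENT_VERSION,	// selector version
		ownerType,
		userId,
		groupId
	};

	// Two-element subject list: subject1 tags the subject as a process and
	// links to subject2, which carries the selector bytes.
	CSSM_LIST_ELEMENT subject2 = { NULL, 0 };
	subject2.Element.Word.Data = (UInt8 *)&selector;
	subject2.Element.Word.Length = sizeof(selector);
	CSSM_LIST_ELEMENT subject1 =
	{
		&subject2, CSSM_ACL_SUBJECT_TYPE_PROCESS, CSSM_LIST_ELEMENT_WORDID
	};

	CFIndex numAcls = 0;

	if (NULL != acls)
	{
		numAcls = CFArrayGetCount(acls);
	}

	// Debug builds (NDEBUG undefined) print every authorization string and
	// the tag it maps to via CFShow.
#ifndef NDEBUG
	CFStringRef debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
		CFSTR("SecAccessCreateWithOwnerAndACL: processing %d acls"), (int)numAcls);
	CFShow(debugStr);
	CFRelease(debugStr);
#endif

	OSStatus err = errSecSuccess;
	CSSM_ACL_AUTHORIZATION_TAG *rights = NULL;

	if (numAcls < 0 || (CFIndex)(uint32)numAcls != numAcls)
	{
		// The count is later narrowed to uint32; refuse rather than
		// create an entry with a truncated rights list.
		err = errSecParam;
	}
	else
	{
		// Zero-filled, overflow-checked allocation; at least one element
		// so an empty list still has a valid pointer.
		rights = (CSSM_ACL_AUTHORIZATION_TAG *)calloc((numAcls > 0) ? (size_t)numAcls : 1, sizeof(*rights));
		if (NULL == rights)
		{
			err = errSecAllocate;
		}
	}

	if (errSecSuccess == err)
	{
		for (CFIndex iCnt = 0; iCnt < numAcls; iCnt++)
		{
			CFStringRef aclStr = (CFStringRef)CFArrayGetValueAtIndex(acls, iCnt);

#ifndef NDEBUG
			debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
				CFSTR("SecAccessCreateWithOwnerAndACL: acls[%d] = %@"), (int)iCnt, aclStr);

			CFShow(debugStr);
			CFRelease(debugStr);
#endif

			CSSM_ACL_AUTHORIZATION_TAG aTag = GetACLAuthorizationTagFromString(aclStr);

#ifndef NDEBUG
			debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
				CFSTR("SecAccessCreateWithOwnerAndACL: rights[%d] = %d"), (int)iCnt, aTag);

			CFShow(debugStr);
			CFRelease(debugStr);
#endif

			rights[iCnt] = aTag;
		}

#ifndef NDEBUG
		// Second dump of the collected tags, debug builds only.
		for (CFIndex iCnt = 0; iCnt < numAcls; iCnt++)
		{
			debugStr = CFStringCreateWithFormat(kCFAllocatorDefault, NULL,
				CFSTR("SecAccessCreateWithOwnerAndACL: rights[%d]  = %d"), (int)iCnt, rights[iCnt]);

			CFShow(debugStr);
			CFRelease(debugStr);
		}
#endif

		CSSM_ACL_OWNER_PROTOTYPE owner =
		{
			// TypedSubject
			{ CSSM_LIST_TYPE_UNKNOWN, &subject1, &subject2 },
			// Delegate
			false
		};

		// ACL entries (any number, just one here). The entry uses the same
		// process subject as the owner.
		CSSM_ACL_ENTRY_INFO acl_rights[] =
		{
			{
				// prototype
				{
					// TypedSubject
					{ CSSM_LIST_TYPE_UNKNOWN, &subject1, &subject2 },
					false,	// Delegate
					// rights for this entry
					{ (uint32)numAcls, rights },
					// rest is defaulted
				}
			}
		};

		err = SecAccessCreateFromOwnerAndACL(&owner,
			sizeof(acl_rights) / sizeof(acl_rights[0]), acl_rights, &result);
	}

	// The original tag array was automatic storage that ended with this
	// function, so releasing the buffer here keeps the same lifetime.
	free(rights);

	if (errSecSuccess != err)
	{
		result = NULL;
		if (NULL != error)
		{
			// NOTE(review): "FIX ME" is a placeholder error domain left
			// by the original author; err is an OSStatus, so
			// kCFErrorDomainOSStatus looks like the intended domain --
			// confirm before changing, callers may compare the domain.
			*error  = CFErrorCreate(kCFAllocatorDefault, CFSTR("FIX ME"), err, NULL);
		}
	}
	return result;
}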